
"where clause" not work in ADD/EDIT/DELETE?



Billy Wong
  • Member

Posted 26 October 2014 - 19:32 PM

I'm trying a function that views and edits one's own profile (1.jpg, 2.jpg):
$crud = new grocery_CRUD();
$crud->set_table('staff');
$crud->where ('id',$_SESSION['myID']);
$crud->unset_add();
$output = $crud->render();
$this->_view_output($output);

The result seems correct and lists one record that matches myID.

 

But, I can simply

  view/edit another row by modifying the URL (3.jpg)

  add a row by modifying the URL (4.jpg)

  delete a row by the same method

  or do this by modifying the source code in a browser.

Is there any (easy is better) way to prevent this? Thank you.

 

 


Amit Shah
  • Member

Posted 26 October 2014 - 20:15 PM

Hi there,

 

Well my friend - where clause is only for restricting the view .. and not the actions related to them.

 

In order for you to prevent the actions, you have to manually code for the same. Based on the criteria / condition ... you might have to reject the action call / show error ... etc..


Billy Wong
  • Member

Posted 26 October 2014 - 21:19 PM

Could it be done inside the controller's file to reject these calls?

Or may I know which entry point I need to start with?

Many thanks


Amit Shah
  • Member

Posted 27 October 2014 - 08:27 AM

Yes, it has to be done in the controller's method itself... where you are making the call to the GC functions.
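
One way to do the controller-side check described in this thread, as an added example that is not code from the posters or from the Grocery CRUD project: decide from `getState()` and `getStateInfo()` whether the request targets the caller's own row before calling `render()`, and deny everything else. The function name `own_row_request_allowed` is hypothetical, and the state names and the `primary_key` field are assumed to match the installed Grocery CRUD version; a state that does not carry the key is denied.

```php
<?php
// Added example; state names are those documented for Grocery CRUD's getState().
const LIST_STATES = ['list', 'ajax_list', 'ajax_list_info', 'success'];
// States that act on one row; getStateInfo() is assumed to expose its primary_key.
const OWN_ROW_STATES = ['read', 'edit', 'update', 'update_validation'];

/**
 * Allow a request only if it lists rows or targets the caller's own row.
 * Everything else (add, insert, delete, export, upload, ...) is denied.
 */
function own_row_request_allowed(string $state, $info, $ownId): bool
{
    if (in_array($state, LIST_STATES, true)) {
        return true; // where() already limits which rows the list shows
    }
    if (in_array($state, OWN_ROW_STATES, true)) {
        // The key comes from the URL, so compare as strings and fail closed.
        return is_object($info) && isset($info->primary_key)
            && (string) $info->primary_key === (string) $ownId;
    }
    return false;
}

// Wiring in the controller method from the thread (kept as a comment so the
// file runs without CodeIgniter); show_error() is CodeIgniter's helper:
//   $crud->where('id', $_SESSION['myID']);
//   $crud->unset_add();
//   $crud->unset_delete();
//   if (!own_row_request_allowed($crud->getState(), $crud->getStateInfo(), $_SESSION['myID'])) {
//       show_error('You may only edit your own profile.', 403);
//   }
//   $output = $crud->render();

// Constructed requests for a session whose myID is 7.
$cases = [
    ['list',   (object) []],
    ['edit',   (object) ['primary_key' => '7']],
    ['edit',   (object) ['primary_key' => '8']],
    ['update', (object) ['primary_key' => '8']],
    ['delete', (object) ['primary_key' => '7']],
    ['insert', (object) []],
];
foreach ($cases as [$state, $info]) {
    $verdict = own_row_request_allowed($state, $info, 7) ? 'allow' : 'deny';
    printf("%-7s key=%-2s %s\n", $state, $info->primary_key ?? '-', $verdict);
}
```

The check runs on every request to the controller method, including the AJAX and POST calls that perform the update, so editing the URL or the page source in the browser does not bypass it.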